This knowledge article provides a Linux shell script which can be executed on any Authentication Manager instance in a deployment to list the contents of the JKS files found in /opt/rsa/am/server/security.
The Linux shell script must be executed with root privileges and requires the Operations Console username and password.
Installation
- Download and copy the attached AMJKSlist.sh shell script into /tmp on the Authentication Manager instance in the deployment. Review the article on how to enable Secure Shell on the Appliance, if needed. Where SSH has been enabled, an SFTP client such as WinSCP can be used to copy the shell script into /tmp.
- Change the permissions of the AMJKSlist.sh shell script so it can be executed at the command line:
chmod 755 /tmp/AMJKSlist.sh
Usage
- Log on to the Authentication Manager instance with the rsaadmin account, either in an SSH session or at the local console.
Note that during Quick Setup a user name other than rsaadmin may have been selected. Use that user name to login.
- Change the privileges of the rsaadmin account using the command:
sudo su -
Note that if you do not change the privileges of the rsaadmin account the following message appears and the script exits:
You must be the root user to use this program; exiting...
- Navigate to /tmp:
cd /tmp
- Because Operations Console administrator credentials are required, the shell script can be executed in one of two ways: with the credentials passed as arguments, or with the script prompting for them. Note that credentials passed on the command line are recorded in the root shell history and are visible in the process list while the script runs, so the prompting form is preferable.
cd /tmp
./AMJKSlist.sh <Operations Console administrator name> <Operations Console administrator password>
Checking OC credentials..
OC credentials validated... redirecting to menu..
or
cd /tmp
./AMJKSlist.sh
Checking OC credentials....missing OC credentials!
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>
OC credentials validated... redirecting to menu..
- The shell script menu displays:
RSA Customer Support (Asia Pacific)
Listing Authentication Manager Java KeyStore Contents
1) Display JKS Passwords
2) Generate a Report - JKS Contents
9) Exit
Please select an option
Display JKS Passwords
Option 1 will display the passwords required to open the Authentication Manager Java KeyStore files. These passwords are shown in clear text on the terminal; together with read access to the JKS files they allow the private keys to be extracted, so treat them as secrets and do not paste them into tickets or e-mail. For example:
RSA Customer Support (Asia Pacific)
Listing Authentication Manager Java KeyStore Contents
1) Display JKS Passwords
2) Generate a Report - JKS Contents
9) Exit
Please select an option 1
Obtaining the JKS passwords..
SSL Client Identity Certificate Keystore File Password : CghsVPZIqimVOh7VTnf3LYbyoZ156H
SSL Server Identity Certificate Keystore File Password : lfN25RuibhUMUPToxfwir2eyFy066e
Root Certificate Keystore File Password : hWjA09JSGwRAxhh3UGydXcdLJ63Iw1
SSL Trust Store File Password : PmUzMsNOBP7UGcLhuELpfMAyb9h2fU
done!
Press any key to continue...
Generate a Report - JKS Contents
Option 2 will generate a report and list the contents of the Java KeyStore files. For example:
RSA Customer Support (Asia Pacific)
Listing Authentication Manager Java KeyStore Contents
1) Display JKS Passwords
2) Generate a Report - JKS Contents
9) Exit
Please select an option 2
Obtaining the JKS passwords..done!
Generating the report..
Listing contents of /opt/rsa/am/server/security/DemoIdentity.jks to file..
Listing contents of /opt/rsa/am/server/security/biztier-identity.jks to file..
Listing contents of /opt/rsa/am/server/security/caStore.jks to file..
Listing contents of /opt/rsa/am/server/security/console-identity.jks to file..
Listing contents of /opt/rsa/am/server/security/trust.jks to file..
Listing contents of /opt/rsa/am/server/security/vh-identity.jks to file..
Listing contents of /opt/rsa/am/server/security/vh-inactive.jks to file..
Listing contents of /opt/rsa/am/server/security/webserver-identity.jks to file..
Listing contents of /opt/rsa/am/server/security/webserver-inactive.jks to file..
Listing contents of /opt/rsa/am/server/security/webtier-identity-webtier01.jks to file..
done!
Report filename : /tmp/AMJKS-report_201810301412.log
Press any key to continue...
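The attached AMJKSlist.sh is not reproduced in this article, so the following is an added example, not the attached script or RSA's code, showing how the Option 2 report can be produced by hand once a keystore password is known: every *.jks in a directory is listed with keytool -list -v, and the output is written to a report named in the same way as the article's example (/tmp/AMJKS-report_YYYYMMDDHHMM.log) with permissions that keep it readable by root only. Assumptions: the keystore password is supplied in the environment variable AMJKS_STOREPASS (obtaining it from Operations Console credentials is what the attached script does and is outside this example); the bundled-JDK keytool path /opt/rsa/am/appserver/jdk/bin/keytool is a guess and the script falls back to keytool on PATH; the password is fed to keytool on standard input rather than with -storepass so that it does not appear in the process list.

```shell
#!/bin/sh
# Added example (not the attached AMJKSlist.sh): list every JKS file under a
# directory with keytool and write a report in the article's layout.
# Assumptions: keystore password in $AMJKS_STOREPASS; the bundled-JDK path
# below is hypothetical, keytool on PATH is the fallback.
set -u

# Report path in the article's format, e.g. /tmp/AMJKS-report_201810301412.log.
# $1 = timestamp (YYYYMMDDHHMM), $2 = output directory (default /tmp).
report_name() {
    printf '%s/AMJKS-report_%s.log' "${2:-/tmp}" "$1"
}

# Same check the article's script performs before doing anything.
require_root() {
    [ "$(id -u)" -eq 0 ] && return 0
    printf 'You must be the root user to use this program; exiting...\n' >&2
    return 1
}

# Print the keytool to use, or nothing (status 1) if none is found.
find_keytool() {
    for k in /opt/rsa/am/appserver/jdk/bin/keytool "$(command -v keytool 2>/dev/null)"; do
        [ -n "$k" ] && [ -x "$k" ] && { printf '%s\n' "$k"; return 0; }
    done
    return 1
}

# Write the report. $1 = directory holding the *.jks files, $2 = timestamp,
# $3 = output directory. Prints the report path; returns 1 if no JKS files
# were found in $1.
list_jks() {
    dir=$1; stamp=$2; out=$(report_name "$stamp" "$3")
    umask 077                      # certificate chains are not secret, but the
                                   # report is produced as root; keep it root-only
    keytool=$(find_keytool || true)
    found=0
    {
        printf 'Listing Authentication Manager Java KeyStore Contents (%s)\n\n' "$stamp"
        for f in "$dir"/*.jks; do
            [ -f "$f" ] || continue
            found=1
            printf 'Authentication Manager JKS Filename : %s\n' "$f"
            if [ -n "$keytool" ]; then
                # keytool prompts for the store password on stdin when -storepass
                # is omitted; piping it avoids exposing it in ps output.
                printf '%s\n' "${AMJKS_STOREPASS:-}" | "$keytool" -list -v -keystore "$f" 2>&1
            else
                printf '  (keytool not found; contents not listed)\n'
            fi
            printf '*******************************************\n'
        done
    } > "$out"
    printf '%s\n' "$out"
    [ "$found" -eq 1 ]
}

# Run only when a keystore directory is given as the first argument, so the
# file can also be sourced for its functions.
case "${1:-}" in
    "") ;;
    *)  require_root && list_jks "$1" "$(date +%Y%m%d%H%M)" /tmp ;;
esac
```

Usage on an instance: AMJKS_STOREPASS='<keystore password>' ./amjks-report.sh /opt/rsa/am/server/security (hypothetical file name), run as root after sudo su -, prints the report path. Exporting the password as an environment variable keeps it out of the command line but not out of the root shell's history if typed inline, so clear it from the history afterwards or read it into the variable with a prompt.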
Exit
Option 9 will exit the program. For example:
RSA Customer Support (Asia Pacific)
Listing Authentication Manager Java KeyStore Contents
1) Display JKS Passwords
2) Generate a Report - JKS Contents
9) Exit
Please select an option 9
Bye!
Example Report
RSA Customer Support (Asia Pacific) (1412-30102018)
Listing Authentication Manager Java KeyStore Contents
Authentication Manager JKS Filename : /opt/rsa/am/server/security/DemoIdentity.jks
Authentication Manager JKS Filename : /opt/rsa/am/server/security/biztier-identity.jks
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

Alias name: server_identity_key_webserver
Creation date: Oct 24, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: SERIALNUMBER=19a5d1309aa75cf8691381cb6a280aa3ca2be80fa83787e205756d77716f9f2b, CN=app82p.csau.ap.rsa.net
Issuer: SERIALNUMBER=ca8b90357e5c73bc759f681735c258e96efbb72f50814403ffd0261e5dc700d3, CN=RSA root CA for app82p.csau.ap.rsa.net
Serial number: 59238e1417ac4b9cfd2a7dd9193b9ece
Valid from: Tue Oct 23 13:46:47 AEDT 2018 until: Thu Jan 01 00:00:00 AEDT 2037
Certificate fingerprints:
         MD5:  88:47:12:51:EA:4C:11:73:68:C1:27:0F:6A:1D:12:6B
         SHA1: EE:6E:36:31:CB:F9:8E:D0:49:71:22:DF:2A:8A:16:71:06:4E:D6:83
         SHA256: 6F:2B:49:98:D9:EC:7F:AC:F2:B4:B0:7B:C9:66:A3:35:97:D6:42:37:42:EC:6B:93:A5:B0:1B:D6:28:50:14:E9
Signature algorithm name: SHA256withRSA
Version: 3
Certificate[2]:
Owner: SERIALNUMBER=ca8b90357e5c73bc759f681735c258e96efbb72f50814403ffd0261e5dc700d3, CN=RSA root CA for app82p.csau.ap.rsa.net
Issuer: SERIALNUMBER=ca8b90357e5c73bc759f681735c258e96efbb72f50814403ffd0261e5dc700d3, CN=RSA root CA for app82p.csau.ap.rsa.net
Serial number: 4df353521ef573fd66bdc41bd67240c2
Valid from: Tue Oct 23 13:46:46 AEDT 2018 until: Thu Jan 01 00:00:00 AEDT 2037
Certificate fingerprints:
         MD5:  2B:D2:89:B6:C8:AF:6E:DE:AB:F3:68:F0:C6:68:11:79
         SHA1: E9:61:17:A2:E2:6A:D0:18:0D:2F:C2:6E:8E:C4:EF:56:F6:0A:40:47
         SHA256: 4D:E9:10:D3:D1:51:49:16:C0:36:D1:52:2F:D5:02:A6:8E:7D:9E:E9:60:AD:08:C8:21:0E:6E:64:E0:D8:B6:67
Signature algorithm name: SHA256withRSA
Version: 3

*******************************************
*******************************************
...